Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Sparrowvsrevolution writes "Four years ago, security researcher Adam J. O'Donnell used game theory to predict in a paper for IEEE Security and Privacy when malware authors would start targeting Macs. Based on some rough assumptions and a little algebra, he found that it would only become profitable to target Apple's population of users when they reached 16% market share. So why are we now seeing mass attacks on Macs like the Flashback trojan when Apple only has 11% market share? O'Donnell says it turns out he may have underestimated the effectiveness of the antivirus used by most Windows users, which now makes overconfident Mac users a relatively vulnerable and much more appealing target. Based on current antivirus detection rates, O'Donnell's equations now show that victimizing Macs becomes a profitable alternative to PCs at just 6.5% market share."

Anti-virus software is good at blocking threats that are not zero-day threats. I.e. known viruses reused. Much of stuff out there that actually does damage falls into this category (think conficker for example).

The only thing that can protect you against zero day threats is having solid security practices on user's end. And even that is not guaranteed (think valve source code theft).

I'm sorry; I love my Macs BUT this last Flasback virus would easily get into your computer without doing anything. All you had to do was visit a page with the virulent java applet for your computer to be infected. Once infected it may attempt to ask a password off you to dive further into your system, but even ignoring it did nothing, the virus was fully active in your system.

Some tech geeks love to think "I'm too smart for me to be infected", and blame anyone with a virus of being stupid. Ironically, those tech geeks" tend to be some of the most vulnerable users for real virus infections, since they refuse to use any anti-virus solution because it will "slow down their system" or patch their systems with latest updates because "it's working fine and I know what I'm doing."

That’s how viruses actually work. Everything that requires you to do something to accept it is qualified as a Trojan. No amount of tech savvinnes makes anyone less likely to get virus infections (unless you are savvy enough to update asap and run some form of antivirus.)

Trojan disguises itself, pretending to be something else, to get into your system (named after the Trojan Horse [wikipedia.org].) A program that says pretends to be a photo file (with a jpg icon) or pose as an antivirus installer would count as a Trojan.Virus simply activates and goes into your system when, lets say, you insert a floppy disk or visit a website. As long as it can infect a machine without the user opening it up, it's considered a virus.

The last java based Flashback was a virus, not a Trojan.

Not only did it require the user to provide a password, as oh_my_080990890 points out, but even if it hadn't, it still wouldn't be a virus, and it still would be a trojan. Trojan versus virus is not a case of "happens with or without user interaction". Viruses infect files - VBS viruses can even infect.html files (ie: Code Red and others from a while back), or image files, or anything else, but they do need a file there to infect, of whatever type of file that virus is intended to infect. Yes, the boot

Just hit up the previous Slashdot Flashback article and you'll see the article title that specifically said that it could go "without user interaction." -- i.e. it was a drive by that installed itself without user interaction.

Sounds like a virus (by anon's definition) to me.

I have a different interpretation: Trojans are applications that pose as legit programs (like codecs or games) that trick you to run the program. Viruses (trojans being a subset of viruses) is

Depends on what you define as market share and what market you are referring to. Back then even though the PC was clearly pulling ahead the race wasn't entirely over. The Atari ST while never getting a foothold in the US was very popular in the UK.

Linux does have significant marketshare in the server and smartphone arenas. Servers are generally more secure than desktop machines (not to mention better maintained), so there's naturally fewer points of vulnerability - this holds true for Windows servers as well. As for smartphones, I've seen a lot of articles about Android malware recently although I haven't personally encountered any.

Generally more secure, but Linux servers are still vulnerable, especially when they are neglected from being looked after. I have signed onto a company that kept a mail server running for years with no updates -- turns out that exim had a security vulnerability and there was a rootkit living on the system for at least a couple years. If the machine was being properly monitored, the chances of infection would be very low (keep on top of updates!), and it would have been detected rather quickly even if it did happen despite that first point.

I still don't know what the attacker gained but apparently it pays off enough to pry on mismanaged Linux servers.

Servers are more secure than desktops in the Linux arena primarily because there is no idiot user sitting in front of the keyboard to click "Ok" when malware tries to install itself. Also, servers aren't typically used for surfing and downloading, so the malware doesn't get a chance to try to install itself.

Only once since I started programming in the late '70s have I seen a machine that was infected without the intervention of a user disabling the anti-virus or installing pirated/downloaded software. Once.

Servers are more secure than desktops in the Linux arena primarily because there is no idiot user sitting in front of the keyboard to click "Ok" when malware tries to install itself. Also, servers aren't typically used for surfing and downloading, so the malware doesn't get a chance to try to install itself.

That's true of Windows too. In fact, it's true *regardless* of the OS.

Nice roundup of articles, but at the end of the day anyone that uses a blanket statement like "Linux = secure" is as stupid as anyone that says Macs are virus-proof.

I know Linux server admins, and all of them take security seriously and acknowledge they are as vulnerable as any other OS if you just lay back and look at them pretty. You have to make sure they are updated, secure, and properly configured for your needs with minimal permissions granted to processes that need them.

Yes, however, I think the GP just venting due to all of the "I have a Mac, so I'm immune to malware" and "Oh, they had problems because they used a PC, they should have gotten a Mac!" that has being going on for so long, even by some here on slashdot.

But, of course, you are correct, it is the user that is the biggest security vulnerability of a computer, in most cases.

A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.

Is this true? Yes, but only because the malware they are talking about was written specifically for Windows. It has nothing to do with the "built-in defenses in Mac OS X that keep you safe". It is at best disingenuous because the average user reads that to mean "Macs can't get malware".

You want to compare track records? MacOS X, since its inception as NeXT, has been around since the late '80s.

Only now, in 2012, are we seeing the first widespread outbreak of malware. I don't buy the installed base argument. If Mac developers can make money off of the platform, then malware writers sure as hell can, too - more, with its exclusivity, it means they have a large pool of potential targets largely to themselves. I think Apple's willingness to gut and rebuild their systems when desired, and to r

That's just BS. Apple makes a half truth "A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers.", The second part of the statement is an out and out lie, there is no possible reading of the second half of the statement that can be taken as factual. "That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part." This is a LIE. They are safe from windows malware because OS.X doesn't run windows programs, there is no built-in defen

Limiting it to just people who have IT experience that I know:(1) One person literally told me that it is impossible for a mac to get a virus.(2) One has said that, since he uses Chrome and MacOS, he can't get malware, period.

That's maybe 10% of the MacIT people I've dealt with, the rest have been in the 'it is less likely' camp.From the non-IT Mac users, it's closer to closer to half, that fall into one of those (or similar, change the web browser), categories.

"Linux" is not one operating system. There are very secure distributions, and then there are distributions that are not so secure, and then there are distributions that can be secure if you stick to best practices.

Just as important, there are multiple distributions. Just as it makes it hard to write commercial software that will run under any version of any distro, it makes it hard to write a virus that will work under any version of any distro. The odds are that Linux viruses will be predominantly scripts because those are relatively portable and applications which run scriptlets don't have nearly the same level of security as the OS itself.

Even then, the massive fragmentation of the application base will severely l

as stupid as windows user are... and I'll grant you they ARE stupid... Absolutely nothing compares to the apple market. There's a price to be paid for making your OS so easy to use that you don't even need to be smart enough to tie your own shoes to use it... namely, that your OS will attract all of the people not smart enough to tie their own shoes.

Now, I know all you apple "power users" are going to get all mad and scream "You're calling me dumb! I'm not dumb!" I'm not saying you're dumb... I'm saying all your friends are dumb... and you make bad technology choices... I'm sure you made a very smart, well informed decision when you chose the wrong operating system.

It's actually been a pretty good strategy thus far. Even if I'd gotten this particular Trojan, my score would still be much lower in the Mac column than in the Windows column. I'll take the 20 years of virus-light computer use, thank you:)

The real question is, now that we have "caught up", are there any decent anti-virus packages for the Mac?

Doing fine. This was a Java trojan, not native. Supposedly, Apple was late with an update Oracle released months ago. Apple needs to leave Java to Oracle. That way, it's not Apple's responsibility to update software they didn't write.

It's the technology, plain and simple. It's the technology that protects and the technology that infects. Apple and Windows use very different technologies. The claim that Apple is safer because of market share makes the implicit assumption that OS X has the same weaknesses that Windows does, it just few people use OS X thus the low exploit level. OS X does not have the same weaknesses. Thus it is safer than Windows.

The current exploit is because of Java not OS X. The exploit remained unpatched b

Maybe it makes sense that they wouldn't start actively targeting Apple until 11.6% market share, but somebody's got to be first and if you are a virus-guy and come across some big vulnerability that will allow you to rapidly infect a ton of machines...you go for it. Maybe he wasn't even targeting apple but stumbled across a vulnerability that would work and jumped on it.

In all of the fights between Windows and Mac users over the disparity in viruses for both platforms, I've never seen a Windows user point out the fact that Windows is often used on infrastructure that is valuable to compromise. No major business runs their corporate infrastructure on Macs. No major sites with valuable data I know of are hosted on Apple hardware. What has changed with the marketshare is that now Macs are used by the upper-middle and upper classes extensively at work and at home. So even at 6.5% of the market, you're far more likely now to compromise a Mac with valuable data or access to it now.

Compromise a Mac today and you might get access to a corporate network, a richer man/woman's bank information, etc. That wasn't true 10 years ago.

It's a factor insofar as it is part of the process of turning Macs into status symbols. Price alone is just one variable; it's the price factor which separates the product from the hoi polloi who couldn't stomach a $2000 professional laptop when a $500 meets their needs easily. It's everything from the packaging, to the build quality and taste, to the marketing and product integration.

Macs were always expensive, but 10 years ago, they were more of an eccentricity or specialty than a high quality replacement

What has changed with the marketshare is that now Macs are used by the upper-middle and upper classes extensively at work and at home

Apple computers have always been expensive. Even as far back as the Apple II, it was the high end 8-bit computer. Later, the Atari ST was based on very similar hardware to the Macintosh, but it did color, and cost half as much.

I've told many 'smug' mac users that the only reason they're not getting viruses like PC's are is because it's not worth it. No one cares about your myspace profile or your doodle you did this morning.

Major businesses handling credit card information or valuable corporate information is ran on PCs, it has all the financial data and so on, hence the target.As soon as macs become popular and worth while, they'll get viruses too.

Most malware these days isn't out to get your personal data, it's only purpose in life is to add another machine to the botnet. For this kind of thing, home computers are actually more valuable, because they're less likely to be firewalled etc.

And from botnet pespective, the only thing that matters is bang for the buck - how many boxes can you infect per dollar spent writing the malware. Which, of course, still favors Windows machines, simply by virtue of there being many more of them.

I've pointed that out before, here on Slashdot. You have a lot of businesses using Windows, not only for their infrastructure, but for the majority of their desktop/laptop computers. A lot of companies only do perimeter security, so once you get inside the firewall, you have a nice, ubiquitous, unprotected network to target, perhaps with hundreds of computers, and profitable data to steal.

If you target Macs only, you get what? Home users? The design department of a company? A lone executive, maybe? I

They call them "Trojans" because they don't want to admit that macs can get viruses. It's all just "malware" nowadays, and the lines are blurred to the point of one being indistinguishable from the other.

The vast majority of malware on PC's are trojans as well, technically. That doesn't stop mac users from decrying all the "viruses".

Back in the 1980s, Macs were very tempting virus targets. They had multitasking operating systems at a time when the rest of us were running DOS or CP/M (although Amiga users and users of DOS multitaskers like DESQview had a small market share). Luckily this was before the internet, so the only real risk was downloaded software.

You rarely if ever downloaded software in 1980s. Stuff was moved around on floppies and other magnetic media such as audio tapes for example. There was some stuff done over BBS but downloading stuff over slow analogue modems was a pain in the ass (I'm thinking 9600 baud and lower that was common in late 1980s).

You aren't kidding. I'd download some stuff from bbses to use personal or to just put on my bbs, but the majority of the stuff I had for download was obtained from friends in person. My favorite part of the day in was recess / lunch where I'd get to swap disks.

More like 2400 baud for the late 1980s. About an hour per megabyte. And yet there was a lot of downloading from BBSes. Things were a lot smaller then, and at least when you pirated some 10MB game you knew it had a fair chance of it running versus finding out that disk 7 of the split archive from the sneakernet was corrupted.

On the flip side, most downloaded applications and games in the '80s were way under a megabyte in size. So although the modems were slow, it really didn't take more than a few hours to do a download.

So I call bullshit. I and most "bit heads" I knew downloaded software and games voraciously in our university days from the BBS systems of the day. What was different is that each of us would download something different, copy it to multiple floppies, and we'd each have a copy.

Back in the 1980s, Macs were very tempting virus targets. They had multitasking operating systems at a time....

But that was not why they were tempting. They were tempting targets because it was REALLY easy to spread a boot-sector virus on floppy discs, even when you didn't hand out the discs yourself you'd just include it on a floppy disc image of some game or utility that was being pirated and it would spread like wildfire from that person to all friends...

Mac OS wasn't any more multitasking than DOS was. Programs like DESQview allowed you to switch tasks in DOS, which is done pretty much the same way as "multitasking" in Mac OS. Macs didn't support preemptive multitasking until OS X. The Amiga had it in 1985.

He says himself that the equation is vastly oversimplified, and a small change in antivirus detection range changes the answer from 16 to 6%. That means the equation is all-but useless and pointless to try to "predict" anything except, apparently, in hindsight.

I could have plucked any number I liked out of the air and wrote a (reasonable) equation to make it come out with whatever answer I wanted, even basing it on "game theory" (which has very, very, very little relevance here, actually) - I could have done that even before I graduated in mathematics (including Game Theory) over a decade ago.

When enough Mac's exist to make it viable (and market share has little to do with it compared to "number of computers active on the Internet" of that particular model), viruses will target them. Guess what, same for every other platform on the planet. If someone miraculously sells a popular device based on MINIX that millions start buying, eventually someone will write a virus for that platform.

I could have plucked any number I liked out of the air and wrote a (reasonable) equation to make it come out with whatever answer I wanted, even basing it on "game theory" (which has very, very, very little relevance here, actually) - I could have done that even before I graduated in mathematics (including Game Theory) over a decade ago.

I'm curious to know what model in game theory he used. My experience with game theory from my Master's degree is political in nature, so the ones I'm most familiar with are the Prisoner's Dilemma and the Stag Hunt. Neither of these really apply in this situation. I can see what he's trying to say, that the combination of Apple's marketshare growing large enough while Microsoft's users average growing more security-conscious makes Apple that much more attractive of a target, I just don't know what game th

The point of game theory isn't to make precise exact predictions about social phenomenon. They are just trying to show how the relationship of many factors could cause a platform to be targeted by viruses.

Rarely does the math of game theory make precise predictions in the real world. They give you a general guideline, but there are too many variables to account for everything.

Since the number of hosts a virus will likely infest grows exponentialy with the share of the population not imune to it (until that share reaches somewhere near 25% of the hosts), those anti-virus should make infecting a Windows machine orders of magnitude harder.

As usual, the press article doesn't include the actual equations. So, it is impossible to know if the study took actual infection spread equations into account.

While I realize there may be some outrage over the "overconfident" label, it does make sense in terms of learned behavior. More specifically, Windows users have known malware has been rampant for so long that:

A) they're used to having to use antivirus, firewalls and other "security" type apps

B) Windows has steadily improved its built-in firewall and anti-trojan features to combat real and perceived vulnerability

C) Windows-based PC OEMs and system builders install anti-virus by default and have for quite some time now.

I can't say whether Macs get a/v software by default but despite our joking about macs not being susceptible to malware, that view is held by far too many mac users. While it might be true statistically speaking relative to Windows, it is unhelpful in being a rightfully vigilant denizen of this wretched hive of scum and villainy we call the Internet.

Mac have no A/V stuff on them by default. Apple does do some anti-malware fighting on a per-item basis these days with updates, but there's no A/V program as you'd normally think.

You can get them, but they don't come installed, and Apple doesn't have or recommend any because they are interested in admitting that viruses are now a Mac thing too. Some of the major A/V vendors have Mac versions. Kinda hit and miss as to which companies have decided it is worth it to port to the Mac. Sophos is one I know does (

Probably failing to take into account the value of the targets compromised was the biggest flaw.

Since the average apple user will be far more profitable (apples are a luxury good and thus will have a higher percentage of wealthy users) to compromise than the average pc user, he needed to adjust the numbers downward to take that into account.

It doesn't matter the platform. Mac, Windows, Linux. Stupid users get viruses. They're the ones clicking on every farking attachment in every farking e-mail they receive without first doing a simple visual check of the email (ie. reading it). They're the ones downloading executables from unknown or untrusted sources and running them on their computers. They're the ones that believe every little farking web browser pop-up informing them that their computer is infected and THEY MUST CLICK HERE NOW!!!!! (Hint: web browser != anti-virus )

If you skip all the marketing fluff and read the technical claims, at best, those articles say that Lion has finally caught up with Windows security-wise - ASLR, browser sandboxing and file encryption have been there since, what, Vista?

They have less DISCOVERED flaws that's true. But it doesn't mean there aren't many which can be discovered and exploited.

And quite frankly their virus-response is crappy. It took ages for them to patch something that Oracle had patched a while ago. I think that's the main issue here - they needed a fire lit underneath them, and even then they worked sluggishly.

The exploit was because of Java and you blame Apple? That's rich. OS X was not at fault. If Oracle got it's act together this would not have been a problem.

And the fanboi shows his colors. Apple was at fault. That java patch was fixed and a patch deployed for every other system well in advance of that news report. Oracle did have it's act together, and resolved the issue. Want to guess why OS X was the only system exploited? Here, I'll give you the answer. Apple maintains (controls) it's own implementation of Java, and is consistently behind the times. That lackadaisical approach (by Apple, not Oracle) is why this outbreak occurred. Apple's fault, NOT Oracle's